libvir-list-bounces@redhat.com wrote on 10/22/2008
05:51:46 AM:
> "Daniel P. Berrange" <berrange@redhat.com>
> Sent by: libvir-list-bounces@redhat.com
>
[...]
> >
> > Again, I could have a three host machines each one with a different
> > policy package say targeted, mls and overt policy package. If
all three
> > understand what a system_u:system_r:virtd_t:s0 type is, then
all three
> > could run the image.
>
> I guess my point was that we need a way to determine whether the policy
> on any machine is suitable for running a VM, before placing the VM
on
> that host. In the context of a data center mgmt app we can have 100's
or
> 1000's of possible virtualization enabled hosts. Not all of these
> hosts will be providing the same level of functionality / same versions
> of software, including selinux policy.
This sounds like there would need to be an API for
the retrieval of the current policy module that applies to the labeling
of for example the qemu process. A management application would then certainly
need to interpret this policy module to understand what labels are possible.
How about enabling the update of this policy module by exposing an API
that lets one set a new policy so that virtual machines with new labels
can be placed? Would this be within scope of the security extensions? The
actual labeling of the virtual machine image files could probably have
to be left up to other management APIs that may deal with making those
virtual machine images available, but nevertheless an API for labeling
of VM images may be useful as well.
Stefan